World's Worst Hacker? 174
An anonymous reader submitted a video clip that allegedly demonstrates a hacker working in a
honeypot.
If you fear for the future security of the internet, this video will set your mind at ease.
If mathematically you end up with the wrong answer, try multiplying by the page number.
Thar she goes (Score:1)
Re:Thar she goes (Score:4, Informative)
That was quick slashdotting..any alternate links?
No its been hacked.
Video Here (Score:5, Informative)
That was quick slashdotting..any alternate links?
Here's the YouTube video I watched on his site while it was in Firehose [youtube.com].
Re: (Score:1)
YouTube video I watched on his site while it was in Firehose [youtube.com]
Bah, amateur! I hacked the cached page from Google and cracked that Youtube URL from the source code! I'm teh 1337 haxx0r!
Re: (Score:2)
Re: (Score:2)
Watch the way he makes mistakes and backspaces them when trying to cd into /var/spool/samba.
I don't think automated scripts work like that. This idiot doesn't seem to know his way around a filesystem and is probably just copy pasting shit from a forum.
Re:Video Here (Score:5, Informative)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
http://www.youtube.com/watch?v=oJagxe-Gvpw&feature=player_embedded [youtube.com]
Next Gen Hacker 101 (Score:1)
Try this one:
Next Gen Hacker 101 - How to view someone's IP address going to Google [youtube.com]
Re: (Score:2)
Re: (Score:2)
You, like, didn't watch the video, so *whoosh*.
Re: (Score:2)
Try this one:
Next Gen Hacker 101 - How to view someone's IP address going to Google [youtube.com]
Oh that was painful. Did anyone here actually finish that video?
Could be dangerous. (Score:3)
In a thousand years, with a thousand more keyboards. But maybe he will produce all of Shakespeare's sonnets first.
Or he could be faking it.
Re: (Score:2)
Or more useful; he could rewrite PERL in that amount of time.
While I'm sure this happens a lot, he's not the kind of hacker I worry about.
Outsourcing everywhere (Score:5, Insightful)
I think what we see here (and I am being serious) is outsourcing at work. He downloads tools from a subnet in Pakistan, likely homebase.
Just like anything from software development to customer service is being offshored to lowest bidder and services being performed by people without appropriate skills, simply because they are cheap. Same thing here - mass hacking is a business, and it is being outsourced to cheap unskilled labor. Look at this and laugh - then realize, this is the kind of quality of production that modern legitimate businesses rely on every day. Scary, ain't it?
Re:Outsourcing everywhere (Score:5, Funny)
$zach@zach-desktop:~$>cd /comments /witty-retort /a
comments: no such file or directory found
$zach@zach-desktop:~$>cd
witty-retort:no such file or directory found
$zach@zach-desktop:~$>mkdir comments
$zach@zach-desktop:~$>cd comments
$zach@zach-desktop:~/comments$>echo "I'm not the lowest bid!"
I'm not the lowest bid!
$zach@zach-desktop:~/comments$>cd
a: no such file or directory
Grrr......
$zach@zach-desktop:~/comments$>telnet slashdot.org 80
Trying 216.34.181.45...
Connected to slashdot.org.
Escape character is '^]'.
Post comments
Connection closed by foreign host.
Now let's see if they posted my comment.....
Re: (Score:2)
I wonder if this is the guy who once or maybe still does work at one of Dell's Indian call centres who insisted we could not proceed with getting my laptop repaired until I tell him the error code on the screen of a laptop I'd just told him multiple times simply would not turn on, would not power up, would not display anything on screen.
No matter how I phrased it he was determined that Dell could not help me and honour my warranty until I gave him that mystical error code.
But then, this is probably also why
Re: (Score:2)
Good. If that's the competition, I'm solid gold.
Only if you are willing to be paid less than a living wage, be treated poorly, work endless hours and be an indentured servant. With the outsourcing going on, no one is going to be looking at your skills.
What he's doing? (Score:3)
Re:What he's doing? (Score:5, Interesting)
I saw this last week. There were all kinds of hilarious inabilities to properly change directories or find scripts, which is why he kept downloading the same crap over and over again. Just for fun, my boss here (at a well-known company that makes security products involving pigs) fetched some of the files that the kid was trying to use. Half of the scripts were just fucking awful, such as hard-coding repetitive actions rather than using loops. The so-called "hacker" also left clues to his identity all over the crappy "sploits", too.
I honestly have a hard time believing the douchebag in the video was able to get a shell, even on a honeypot, and then fail to be able to change directories. However, the kits he was fetching were also so terrible I don't think that even if this hadn't been a honeypot he'd ever have gotten any local privilege escalations anyway.
Re: (Score:2)
(at a well-known company that makes security products involving pigs)
Sowmantec?
Re: (Score:2)
I'm guessing SourceFire?
http://www.sourcefire.com/security-technologies/snort [sourcefire.com]
Re:What he's doing? (Score:4, Funny)
(at a well-known company that makes security products involving pigs)
I'd suggest you take a good review of your company's product line. Seems all it takes to thwart your security is a ragtag group of birds with a large slingshot and good aim.
Re: (Score:2)
Jst wnderfl nw here's cffee all ver m kebard and sme kes are stck!
That's not a hacker... damn script kiddies (Score:2)
Heh, I had my Redhat 4 box broken into using some remote samba exploit back in '97. (Been running Debian without incident ever since)
At least this "worst hacker" uses "history -c" at the end of his session. Mine just did a "rm ~/.bash_history" before he logged out ... at which point the shell just writes it over again with everything they did during their session, IP addresses and all :-P
Re:What he's doing? (Score:4, Informative)
Short version: He doesn't understand that tar -xzf uncompresses into the current working directory, and gets completely lost in terms of where he puts things.
He probably has a sheet of commands to copy/paste from and has little clue about how they actually work.
Re: (Score:1)
Re: (Score:2)
I dunno. The fact that he's too stupid to realize that Perl isn't installed on the system, or at least that the binary name might be changed, is pretty good, too.
Re: (Score:2)
Note he doesn't do anything with it. Perhaps he was testing bandwidth (for some stupid reason?)
I think the funniest part was repeatedly trying to run perl... and responding to failures by redownloading the scripts he wants perl to execute.
Re:What he's doing? (Score:4, Funny)
And he doesn't seem to know about 'ls'. If I was sitting next to this guy, I would mash his head on the keyboard.
Re: (Score:2)
The best thing is that he actually uses ls once, but then seems to forget about it.
It's probably in his copy-paste-file, but he has no understanding what he's supposed to do with it.
Re: (Score:3)
You can actually see what commands he copy/pastes and what he types himself, because the entire line appears at once.
Re: (Score:2)
I wondered if it could be a bot, but it did make mistakes and correct them. I could certainly write a more effective bot.
Re: (Score:2)
Hah, most people wouldn't get that reference.
Older unix tar did that stuff too. Very annoying.
Re: (Score:2)
In addition to what the other guys said, someone who knows what they are doing would install perl instead of downloading the script over and over.
Best Part (Score:3, Funny)
Re: (Score:3)
The best part was when he/she downloaded a copy of win2ksp3.exe.
From the comments of the Youtube video, apparently this is standard practice to test bandwidth. Because SP3 is so huge. Insert obligatory Microsoft joke here.
Re: (Score:2)
Only once. What he did repeatedly do is fail to remove "sudo" from commands he was trying to run after noting that sudo didn't exist, and he was already root.
Also, this process was repeated a bunch of times:
cd somewhere
wget & untar archive
perl SOMETHING
error: 'perl' command not found
Yea, because redownloading your .pl 50 times is going to magically make perl exist in $PATH
Re: (Score:2)
Some intruders download Windows service packs to check the bandwidth available.
Re: (Score:2)
Without your comment, though, I would have nothing to base the question of what wget is or does. Sans a google search, one might well infer w(indows)get (as in HTTP command).
> That takes a special kind of ignorance.
Fixed that for ya. "Dumb" ma
Re: (Score:2)
I think that was to test the downstream bandwidth. If you go to the Kippo site in the summary and watch the demos, you will notice one of those guys wget an XP service pack and kill it off once the download speed was stable.
Slashdotted (Score:1)
Re: (Score:3)
This is clearly the hacker's revenge. He couldn't toss in an exploit using the script-kiddiness, so he's DDOSing the site instead.
Youtube it (Score:1)
http://www.youtube.com/watch?v=oJagxe-Gvpw
The soundtrack (Score:1)
The rest is plain sh*t.
Re:The soundtrack (Score:4, Funny)
http://xkcd.com/606/ [xkcd.com]
Re: (Score:2, Informative)
Re: (Score:3)
Re:The soundtrack (Score:4, Insightful)
> What is it?
Unnecessary, as with all background music in amateur videos.
Why do kids these days have such problems with absence of noise?
HINT: I came to watch the video, not to inflict your choice of "kewl music" upon myself.
Re: (Score:2)
Re: (Score:2)
It's the end credits from the video game "Portal" by Valve. It was written by Jonathan Coulton: http://www.jonathancoulton.com/2007/10/15/portal-the-skinny/ [jonathancoulton.com]
Direct Youtube Link (Score:5, Informative)
For those who are getting a slashdotted server, here is the video [youtube.com].
What year is this? (Score:1)
Gee I sure wish there some sort of video service that could host videos so that I could watch this video.
Re:What year is this? (Score:4, Insightful)
This is called "how the Internet was meant to work" with end-to-end connection between the client and the provider, not with a centralized advertising agency.
Forget about the future of Internet security... (Score:1)
oh, it's a troll (Score:5, Interesting)
First I just thought "well, not everyone is a super smart irrelevant cubicle IT support geek" and shrugged at the point that was trying to be made - which, I guess, is something along the lines of "it's really this easy to break in to some systems, and it's great to laugh at people who.. err.. manage it, because not everyone knows what to do next."
Then I saw them downloading W2Ksp3, and realised that the whole thing is just a bit of sensationalism to get pageviews. The hacker is as genuine as the honeypot.
Re:oh, it's a troll (Score:4, Insightful)
Look again....
He unpacks his kit, and then expects to do something in /var/spool/samba
My assumption would be that he has some kit that is intended to be put onto a samba server, and then used to exploit windows machines that use that server. That might pan out, if he happened to make his way onto an actual samba server.... or one with perl installed.
Not conclusive, you could be right but, given his hard-on for samba, it seems plausible to me.
Re: (Score:2)
or one with perl installed.
You mean with perl on $PATH. That he tried running it repeatedly and didn't hunt for it's location (or check $PATH) shows he really is something 'special'
Re: (Score:2)
Re:oh, it's a troll (Score:4, Interesting)
Well, I now have a second point: improve your cognitive skills. A honeypot is not genuine in the sense that it is not providing a genuine public service, merely sitting there trying to lure ne'er-do-wells. And the person typing is not genuine in the sense that he is probably the video author, trying to get hits for his site by playing the almost risk-free "make geeks feel superior" gambit.
Re: (Score:3)
To help the Slashdotted site (Score:1)
Tracer Tee (Score:5, Funny)
Re:Tracer Tee (Score:4, Insightful)
Looks like he's trolled about 620 thousand people. I think the best way to socially engineer a geek is to make them feel superior to you, because they cannot resist loudly correcting you and assuming you're an idiot from that point on.
Re: (Score:2)
Given the choice between incompetence and malice, always assume incompetence.
Re: (Score:2)
I've heard that so often, but I've never understood: why?
Re: (Score:2)
I've heard that so often, but I've never understood: why?
Because otherwise you'll turn into a paranoid maniac?
If you assume that everything that occurs is being masterminded by someone in order to fool, manipulate, or otherwise take advantage of people, you'll be the crazy guy at the party whom everyone avoids because he won't shut up about how the reptilians in the US government flew remote-controlled planes into the WTC. If you go with the "assume incompetence" approach you'll not only be correct more often, you'll also have a much more active social life.
Re: (Score:2)
It does not follow from the reasonable assumption that everyone tries to do things for his own gain (a consequence of free will) that "reptilians in the US government flew remote-controlled planes into the WTC".
Re: (Score:2)
It does not follow from the reasonable assumption that everyone tries to do things for his own gain (a consequence of free will) that "reptilians in the US government flew remote-controlled planes into the WTC".
That's absolutely correct. I fail to see the relevance, though.
Re: (Score:2)
Once you accept that humans tend toward rational selfishness, you can assume that whatever they are doing is designed to benefit them. Any complex behaviour must be intentional (ignoring the clinically insane) - we assume that rational humans are capable of being responsible for themselves. Therefore most behaviour is intentionally rational selfish.
Now, does that mean the behaviour is necessarily malicious? No. This is only judged by the observer when the observer of the behaviour happens to be at moral odd
Re: (Score:2)
Once you accept that humans tend toward rational selfishness, you can assume that whatever they are doing is designed to benefit them
Right, so a guy who pimps out his girlfriend so he can buy heroin which he then injects with a syringe he found on the street ... he's designing his action to help himself. And the drunk jackass who cuts off a leg while juggling a chainsaw, also trying to help himself. Oh, and we can't forget the thousands of people who commit suicide every day - they are, of course, designing their actions to benefit themselves.
You know, even if I agree with your statement 100%, it's still completely irrelevant. I said
Re: (Score:3)
This guy from tfa is following a list of commands he got from somewhere, but my question is what was the list supposed to accomplish?
Not the worst.... (Score:2)
There is a metric buttload of idiots like that out here in the intar-webs. they are only slightly better than the nex level up that actually have some understanding but are still just script kiddies.
I think I need to set up a honeypot like that, I need some good entertainment.
Re: (Score:2)
please define "metric buttload" or are you talking "kilobuttload?"
Re: (Score:3)
please define "metric buttload"
3.28 Imperial butloads.
Re: (Score:2)
Sure there can be! One KiloButtload = 1000 Buttloads..
but I don't think assload != buttload
now if buttload = assload then I could agree.
Youtube link (Score:5, Informative)
Re: (Score:2)
Slashdotted (Score:2)
Mirror anyone?
Burn baby, burn (Score:2)
I'd like to get a video of the server that is hosting the hacking video right now so we can watch it melt.... :)
Old Paper on Toying with Crackers (Score:3)
This reminds me of Bill Cheswick's paper "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied [megasecurity.org]," from the 1992 Winter USENIX Conference. (Paper is available directly from Mr. Cheswick's site here [cheswick.com] as a postscript file).
In it, he toys with an intruder for a number of days. He pretends the system has actually been hacked, gives up bogus password files, and manually pretends to be a particularly slow machine with a lot of easy holes in it. It's a well-written, excellent piece of writing. I recommend it to anyone who enjoyed this video.
Mirror (Score:3)
On Good old Youtube: http://www.youtube.com/watch?v=oJagxe-Gvpw [youtube.com]
Down the hole! (Score:2)
Everyone knows that the best hack is whiterabbit.obj!
213.248.54.246 (Score:2)
I guess even in Russia some 'hackers' are better than others:
Additional whois information for 213.248.54.246:
True Story from Michigan (Score:3, Interesting)
So, back when I was an undergrad and used to play around on MUDs, my roommate and I wound up talking to a young woman who claimed to be a hacker. She wanted to get together, and asked if she could bring a friend. Figuring we were about to get incredibly laid, we invited her up to the university. Young and dumb, what can I say.
We met her and her friend at a rest stop. We waited for a long time, and were about to leave when an incredibly ramshackle old sedan rolled up, with its muffler clanking and rattling, its headlights flickering, and great clouds of blue smoke trailing out behind. A beautiful girl leapt out of the car, followed by her friend: a very tall, very skinny punker dude.
Our spirits were crushed, but being polite computer science students, we couldn't figure out how to get rid of them. They didn't have enough gasoline to get home, but they DID have booze. So we went back to the university.
Immediately they wanted to "hack a computer", and marched to the computer lab, which was still open. This was where we talked on the MUD. There was no talking them out of it. Trailing behind them, wondering what on earth they thought they were going to be able to do from a computer lab, we somberly shuffled along.
On seeing a computer, the girl leapt into action! jumping into the seat, she said "I'm gonna hack this bitch!" and her boyfriend perched on the back of her seat to egg her on. I said something like "hey, look, don't do anything that'll get anyone in trouble, ok?" and she said something like "don't worry, I'm leet, nobody's ever going to know I was here!" This did not soothe my fears. I was about to say something else when she got a DOS prompt, and started typing in random passwords.
> God
> File not found. (I don't remember the exact words)
> Sex
> File not found.
(This went on for a long time.)
My roommate and I chatted quietly a few feet away, greatly relieved. We admitted our suspicion that this person did not, in fact, know anything about computers, or possibly anything else. To our enormous relief, the person appeared to be harmless. Also, it was becoming clear that neither one of us were going to get any. We wondered what we should do. We didn't want to be rude.
Suddenly, I had a thought. "Let's get her into the MUD!" My roommate thought that was an excellent idea, so we said "Hey, somebody wrote this path on a piece of paper over there... Maybe it'll get you in!" She tried it, and was allowed to log into the MUD. She yelled out in triumph! She was invincible!
She played happily on the MUD for about a half hour, with her boyfriend proudly telling us how "leet" she's always been, and then we went back to our room. We let them crash on the suite couch, and they were gone in the morning.
I wonder how many "hackers" are like this? Just trying stuff they saw on TV, with no understanding of what's actually going on?
Anyway, she was gorgeous, so I think we can be forgiven for indulging her a bit. She was about 5'5, with pale skin, medium brown long straight hair down to her hips, and a mix of hippie and punk clothes. Such an appealing woman... Not really connected to reality, exactly, but definitely not boring.
Re: (Score:2)
she sounds really hot!
now stop comparing every woman you meet against her :D
Re: (Score:2)
Re: (Score:3)
Hey, let's try to CD into all kinds of directories that don't exist.
# /var/spool>cd /spool /var/spool>cd /samba /var/spool>cd /a /var/spool>cd /var /var>cd /spool /var>cd spool /var/spool>copy/pasted commands to download random tarball /var/spool>more failure to cd
No such file or directory
#
No such file or directory
#
No such file or directory
#
#
No such file or directory
#
#
#
#/var/spool>sudo aptitude ruby and stuff
sudo: command not found
#/var/spool>wget path/to/win2ksp3.exe
That's it,
Re: (Score:2)
Looks like the time I got hacked (my fault, had a crappy password).
Idiot was so dumb he didn't zap the bash history file.
Spent a lot of time downloading and failing to install rootkits and other hacking tools, not having noticed that it was a UnixWare machine and not Linux.
Re: (Score:2)
Also, is that # prompt literal? The guy is root but is failing to run things through sudo?
Re: (Score:2)
Yes, it is literal. The machine doesn't have sudo installed, and he didn't try running it without sudo.
Re: (Score:2)
What's that quote about the definition of insanity being attempting the same thing over and over and expecting a different result? :)
Re: (Score:2)
Pavlov would be proud. Just because repeating steps in Windows sometimes leads to success doesn't mean it works on every OS.
Re: (Score:2)
No wonder you posted anonymously, from shame... You also probably use a MAC and don't realize it.
Re: (Score:2)
A Media Access Control?
Re: (Score:2)
MACintosh...
Sorry Capitalization error...
Re:But... (Score:5, Insightful)
if perl was installed (as it is on almost every linux system these days) his scripts would have run.
First rule of information security: Never run anything you don't need to. If at all possible, don't even install it. Who cares about an exploit in ${PACKAGE} when you haven't got that installed anyway?
Any hacker worth their salt wouldn't be too disappointed that perl wasn't installed. He already had a root prompt and ls showed a .apt directory - there's a good chance apt-get install perl would have got perl in there in about 20 seconds flat.
this guy was simply to follow his cheat sheet and it didn't work. in fact, i see this as a complete failure of the honeypot scenario as it's supposed to provide a fake environment to gather intel. this honeypot does nothing of the sort and seems to be more for entertainment than anything else.
I'm not so sure. We now have a good idea what's on his cheat sheet and - more importantly - have a number of URLs where some potentially interesting scripts may be found. It's possible (though if this is the sort of thing we're dealing with, I'd venture unlikely) that those scripts might provide information about a hitherto unknown local exploit.
Oh, maan (Score:2)
Oh yes, and "shoarec" means mouse.
PS. Yes, I live in Romania.